Rule from ssl under security category
Passmarked is made out of users just like you who helped supply some content. Click below to contribute to this rule. We need you.Add content to this rule
HTTPS/SSL allows you to encrypt traffic and keep content users receive a secret.
But when the initial request to the site does not simply redirect and opens a page. That content could be exposed to prying eyes, and secrets leaked like passwords.
Using client-side redirections are fine for simple redirects but using it to switch between plain text and secure is a huge security problem.
These redirects (apart from the security issues) are also not cachable by the browsers.
Update the servers to use server-side status codes
302 to redirect.
Passmarked works best when you have an account. It allows you to keep a dashboard with saved data of the sites you have run through the system, we’ll alert you about important updates and you get access to the Passmarked Slack forum.Sign up to get started